Question posted in 
I got MySql Server on Azure and is configured with Azure Directory Admin.
Example
MySql Servername: mysqlserver and
MySql AD Admin Account: [email protected] (this organisation domain account)
Can see above account from MySql Server under User Accounts.
I stood-up Azure Web App for phpMyadmin and configured to pointed to above MySql db.
When an logging into phpMyAdmin with above Active Directory Admin Account is getting validated against AD, but getting error
mysqli::real_connect(): (HY000/9013): An error occurred while validating the access token. Please acquire a new token and retry.
I need to get a Ad token which need to passed to MySql server.
How to achieve this in Azure Web App?
2
Answers
This documentation should help you: https://learn.microsoft.com/en-gb/azure/mysql/howto-configure-sign-in-azure-ad-authentication#connecting-to-azure-database-for-mysql-using-azure-ad.
You need to acquire an access token in your code for your user against the resource:
https://ossrdbms-aad.database.windows.netor against the scope (if using v2):https://ossrdbms-aad.database.windows.net/.default.Acquiring access tokens with AAD is a whole another topic and the exact way depends on your app.
This answer might help for that: https://stackoverflow.com/a/33512913/1658906
I have the same set up (except phpmyadmin running in a container in AKS).
I believe phpmyadmin can’t connect to mysql with azure ad enabled (at least with an AD user/group) because the token (password) is required to be sent in cleartext, and phpmyadmin hashes it before sending it.
I think that’s why I get the An error occurred while validating the access token. Please acquire a new token and retry. error.
That’s also why in the docs, they set the
--enable-cleartext-pluginflag on their examplemysqlcli commands.Also in the docs, they state that it’s only tested with myqsl cli and mysqladmin.
I’m currently planning on ditching phpmyadmin for azure bastion and a VM running mysqlworkbench for this reason.